On Sat, Apr 29, 2006 at 04:20:22AM +1000, glymr wrote: [...] > i did some thinking and i figured out that with any number of hops, > one can compromise the data in the stream if one has alternating nodes > because each node can work out whether it is sending to the same node > as another is receiving, and knowing this information would enable > cryptanalysis, or at least would make timing analysis simple. it > certainly would increase the ability to determine a set of connections > to various sites and collate them together as an anonymous but > profiled user. Please, please, read the FAQ that Roger cited. You don't need alternating hops to do a correlation attack; you just need first and last. > i think that the best way to increase robustness against timing > attacks is to create random delays or jumble up the order of streams > in a way that adds noise to the timing data gathered. Congratulations; you just invented high-latency mix-nets. :) The problem is that nobody can prove that these "jumbling" techniques do any good in resisting an attacker until you increase the delay to the point where messages take a very long time to arrive. When this happens, you wind up with a very low number of users, so you don't get much anonymity anyway. You can find out more about the last 25 years of anonymity research at http://freehaven.net/anonbib/ . yrs, -- Nick Mathewson
Attachment:
pgpXdAZYuXRmu.pgp
Description: PGP signature